Brute force attack detected
Scenario
GuardDuty detected that one of the EC2 instances is being used to perform a brute force attack.
How do I investigate?
- Navigate to GuardDuty in the Security Account and review the findings
- Select the UnauthorizedAccess:EC2/RDPBruteForce finding and review the details
- Click Learn More, or go to Unauthorized Access EC2 RDP Brute Force, and review how to remediate
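The same review can be scripted over exported findings. The Python below is an added example, not part of the original exercise: it reads findings in the JSON shape returned by GuardDuty's GetFindings API and separates instances acting as the source of the brute force (ResourceRole ACTOR) from instances being targeted. The sample findings, instance IDs and IP addresses are constructed, and the function names are hypothetical.

```python
import json

FINDING_TYPE = "UnauthorizedAccess:EC2/RDPBruteForce"

# Constructed sample shaped like GuardDuty GetFindings output; every value is made up.
SAMPLE_FINDINGS = json.loads("""[
 {"Id": "example-1", "Type": "UnauthorizedAccess:EC2/RDPBruteForce",
  "Resource": {"InstanceDetails": {"InstanceId": "i-0exampleactor0001"}},
  "Service": {"ResourceRole": "ACTOR", "Count": 42, "Action": {"NetworkConnectionAction": {
    "ConnectionDirection": "OUTBOUND",
    "RemoteIpDetails": {"IpAddressV4": "198.51.100.7"},
    "RemotePortDetails": {"Port": 3389}}}}},
 {"Id": "example-2", "Type": "UnauthorizedAccess:EC2/RDPBruteForce",
  "Resource": {"InstanceDetails": {"InstanceId": "i-0exampletarget002"}},
  "Service": {"ResourceRole": "TARGET", "Count": 7, "Action": {"NetworkConnectionAction": {
    "ConnectionDirection": "INBOUND",
    "RemoteIpDetails": {"IpAddressV4": "203.0.113.9"},
    "LocalPortDetails": {"Port": 3389}}}}},
 {"Id": "example-3", "Type": "Recon:EC2/PortProbeUnprotectedPort",
  "Resource": {"InstanceDetails": {"InstanceId": "i-0exampletarget002"}},
  "Service": {"ResourceRole": "TARGET", "Count": 1, "Action": {}}}
]""")

def triage(findings):
    """Summarise each RDP brute force finding; other finding types are skipped."""
    summaries = []
    for f in findings:
        if f.get("Type") != FINDING_TYPE:
            continue
        svc = f.get("Service", {})
        conn = svc.get("Action", {}).get("NetworkConnectionAction", {})
        role = svc.get("ResourceRole", "UNKNOWN")
        summaries.append({
            "finding_id": f.get("Id"),
            "instance_id": f.get("Resource", {}).get("InstanceDetails", {}).get("InstanceId"),
            "role": role,
            "direction": conn.get("ConnectionDirection"),
            "remote_ip": conn.get("RemoteIpDetails", {}).get("IpAddressV4"),
            "count": svc.get("Count", 0),
            # ACTOR: the instance itself is generating the attempts, so treat it as compromised.
            "treat_as_compromised": role == "ACTOR",
        })
    return summaries

def instances_to_contain(findings):
    """Instance IDs that are the source of brute force traffic, deduplicated and sorted."""
    return sorted({s["instance_id"] for s in triage(findings)
                   if s["treat_as_compromised"] and s["instance_id"]})
```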
Team Discussion
- What can you do to prepare for handling compromised EC2 instances within your company’s environment?
- What could you do to help the forensics team?
Resources